I just read an interesting article titled How Blockchain Could Put an End to Identity Theft.
I was very interested in how the article believes that identity theft has reached its current place in society because “consumers have historically favored convenience over privacy.”
The article also mentions that most consumers do not read the terms and conditions relating to social media and apps and that consumers have poor password management – of which I believe to be very true and have written about for several years.
Lastly, the article states that consumers have “transferred ownership” of their personal information by putting “every company and government institution in the identity management business.”
My initial response to the above is – REALLY?
Are consumers the primary reason why businesses in the United States often require our most sensitive information, including our Social Security number, to open accounts? And with this required sensitive information, are consumers the reason these businesses have experienced over 8,000 (known) data breaches since 2005? In addition, are consumers the reason there were 16.7 million victims of identity theft and fraud last year?
I do not think so!
So let’s look at the facts. The cybersecurity industry including security software, cloud security, cyber insurance and cyber law have grown significantly in the last few years – however, data breaches in the United States and worldwide continue at a breathtaking pace.
Nearly every day there is a headline news story about a new data breach (please see here) ranging from thousands to millions of records that are “lost or stolen” including social security numbers, driver’s license numbers, bank account numbers, dates of birth, passwords, and now even our personal health/medical information.
The result of these data breaches have included regulatory fines and penalties, lawsuits and litigation, reputational damage, and lost customers, revenue, and profits.
Most of these companies that experience a data breach spend millions of dollars on information security and governance – and then spend even more on data breach response and recovery. There is a clear disconnect between how much money is being spent on preventing data breaches and how much is being spent after a data breach.
So let’s return to the title of this article – can blockchain end identity theft? With the emergence of blockchain technology can consumers truly consider blockchain technology to be secure and safe?
If so, why are numerous industry groups such as financial institutions, healthcare, insurance, and credit bureaus (recall last year’s 145 million person Equifax data breach) so slow in implementing blockchain technology and processes?
If not, what are blockchain’s weaknesses and vulnerabilities?
I do not doubt that blockchain technology, when perfectly executed and protected, can be safe, secure and hacker proof.
However, can we depend on blockchain technology and its surrounding environment to be perfect – along with being perfect all the time?
My 28 years professional experience in the identity theft, insurance and data breach risk management business sectors makes me believe the answer is no.
In my opinion, any security technology system and its surrounding environment has some vulnerability, and I believe the blockchain technology environment is no exception.
To illustrate this point, you may be aware that most data breaches are related directly to human error.
For example, these two reports titled Dissecting Data Breaches and Debunking the Myths and Beazley’s 2018 Breach Briefing reveals the rapidly-changing cyber risk landscape highlight how vulnerabilities in systems, processes or human fallibility affect every organization regardless of sector and size.
Based on the above, I recommend that companies and individual consumers focus on response and recovery – because it’s not a question of if, but when a company experiences a data breach event, even if your organization has implemented Blockchain technology to prevent access to your organizations sensitive customer and employee data.
Mark Pribish is vp and ID-theft practice leader at Merchants Information Solutions Inc., an ID theft and data breach risk management firm based in Phoenix, AZ. Contact him at firstname.lastname@example.org.